cognito_token_verifier 0.1.0 → 0.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +9 -0
- data/Gemfile.lock +2 -2
- data/cognito_token_verifier.gemspec +1 -0
- data/lib/cognito_token_verifier/config.rb +6 -3
- data/lib/cognito_token_verifier/errors.rb +12 -0
- data/lib/cognito_token_verifier/token.rb +7 -4
- data/lib/cognito_token_verifier/version.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 02ef1ab0355a54f560d05129aa92616d8545ce11e2535787e9444ca8241e4119
|
4
|
+
data.tar.gz: 34ce55f919bf09784375ad764031eb4f724258e50dc18fcc777a9428ca601d27
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: ea02cd0a5f932fe6e41e4ff23baa33df6219887022a44dd2e0ad4bc4a291b962a0867035e9358f7c9f9556764859ab318a61abf0b5d4147968c2171a0ee1f5e2
|
7
|
+
data.tar.gz: be564bb2c4ef81f015b458e44b033f11d807c7b3cb3b9c960f16c4982dd2090b28e865d0d9c2a9a8a7bd9eaafebeb07f26f84c06f415545846f35ba6f465f4e9
|
data/CHANGELOG.md
CHANGED
data/Gemfile.lock
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
PATH
|
2
2
|
remote: .
|
3
3
|
specs:
|
4
|
-
cognito_token_verifier (0.
|
4
|
+
cognito_token_verifier (0.2.0)
|
5
5
|
activesupport (>= 4.2, < 6.0)
|
6
6
|
json-jwt (~> 1.1)
|
7
7
|
rest-client (~> 2.0)
|
@@ -107,7 +107,7 @@ PLATFORMS
|
|
107
107
|
DEPENDENCIES
|
108
108
|
actionpack (>= 4.2, < 6.0)
|
109
109
|
bundler (~> 2.0)
|
110
|
-
byebug
|
110
|
+
byebug (~> 11.0)
|
111
111
|
cognito_token_verifier!
|
112
112
|
rake (>= 10.0, < 13.0)
|
113
113
|
rspec-rails (~> 3.0)
|
@@ -12,6 +12,7 @@ Gem::Specification.new do |spec|
|
|
12
12
|
spec.summary = %q{Verify and parse AWS Cognito JWTs to authenticate endpoints}
|
13
13
|
spec.homepage = "https://github.com/CodingAnarchy/cognito_token_verifier"
|
14
14
|
spec.license = "MIT"
|
15
|
+
spec.required_ruby_version = ">= 2.3.8"
|
15
16
|
|
16
17
|
# Prevent pushing this gem to RubyGems.org. To allow pushes either set the 'allowed_push_host'
|
17
18
|
# to allow pushing to a single host or delete this section to allow pushing to any host.
|
@@ -20,9 +20,12 @@ module CognitoTokenVerifier
|
|
20
20
|
end
|
21
21
|
|
22
22
|
def jwks
|
23
|
-
|
24
|
-
|
25
|
-
|
23
|
+
begin
|
24
|
+
raise ConfigSetupError.new(self) unless aws_region.present? and user_pool_id.present?
|
25
|
+
@jwks ||= JSON.parse(RestClient.get(jwk_url))
|
26
|
+
rescue RestClient::Exception, JSON::JSONError => e
|
27
|
+
raise JWKFetchError
|
28
|
+
end
|
26
29
|
end
|
27
30
|
|
28
31
|
def iss
|
@@ -12,11 +12,23 @@ module CognitoTokenVerifier
|
|
12
12
|
end
|
13
13
|
end
|
14
14
|
|
15
|
+
class JWKFetchError < StandardError
|
16
|
+
def message
|
17
|
+
"Error fetching JWKs for your Cognito user pool. Please verify your configuration of the CognitoTokenVerifier gem."
|
18
|
+
end
|
19
|
+
end
|
20
|
+
|
15
21
|
class TokenMissing < CognitoTokenVerifier::Error
|
16
22
|
def message
|
17
23
|
"Cognito token not provided. Please retransmit request with Cognito token in authorization header."
|
18
24
|
end
|
19
25
|
end
|
26
|
+
|
27
|
+
class TokenDecodingError < CognitoTokenVerifier::Error
|
28
|
+
def message
|
29
|
+
"Cognito token could not be decoded. Please ensure the request token is from the correct Cognito user pool and try again."
|
30
|
+
end
|
31
|
+
end
|
20
32
|
|
21
33
|
class TokenExpired < StandardError
|
22
34
|
def message
|
@@ -5,10 +5,13 @@ module CognitoTokenVerifier
|
|
5
5
|
attr_reader :header, :decoded_token
|
6
6
|
|
7
7
|
def initialize(jwt)
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
8
|
+
begin
|
9
|
+
@header= JSON.parse(Base64.decode64(jwt.split('.')[0]))
|
10
|
+
@jwk = JSON::JWK.new(CognitoTokenVerifier.config.jwks["keys"].detect{|jwk| jwk['kid'] == header['kid']})
|
11
|
+
@decoded_token = JSON::JWT.decode(jwt, @jwk)
|
12
|
+
rescue JSON::JWS::VerificationFailed, JSON::JSONError => e
|
13
|
+
raise TokenDecodingError
|
14
|
+
end
|
12
15
|
end
|
13
16
|
|
14
17
|
def expired?
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: cognito_token_verifier
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.2.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Matt Tanous
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2019-02-
|
11
|
+
date: 2019-02-21 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: activesupport
|
@@ -183,7 +183,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
183
183
|
requirements:
|
184
184
|
- - ">="
|
185
185
|
- !ruby/object:Gem::Version
|
186
|
-
version:
|
186
|
+
version: 2.3.8
|
187
187
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
188
188
|
requirements:
|
189
189
|
- - ">="
|